7h3rAm's InfoSec Ramblings

Sunday, January 6, 2013

Last few weeks I've been busy migrating my blog over to GitHub. Finally, its ready to roll and I'm officially signing off from Blogger. For those few people who read my posts, see you @ http://7h3ram.github.com/

Sunday, September 2, 2012

The Millennium MP3 Studio version 1.0 is prone to a SEH overflow vulnerability. Processing specially-crafted .mpf files could trigger a SEH overwrite that could be leveraged further to gain arbitrary code execution. The exploit for this vulnerability has been documented at EDB: 9298

SoriTong MP3 Playerversion 1.0 is prone to a SEH overflow vulnerability. Processing specially-crafted .m3u file could trigger a SEH overwrite that could be leveraged further to gain arbitrary code execution. The exploit for this vulnerability has been documeneted at EDB: 8624

The TFM MMPlayer version 2.0 has a SEH overflow vulnerability. Processing specially-crafted .ppl file triggers SEH overwrite that could be leveraged further to gain arbitrary code execution. The exploit for this vulnerability has been documeneted at EDB: 19176

The Word List Builder version 1.0 has a SEH overflow vulnerability. Processing specially-crafted .dic dictionary files triggers a SEH overwrite that could be leveraged further to gain arbitrary code execution. The exploit for this vulnerability has been documented at EDB: 17086

The Shadow Stream Recorder version 3.0.1.7 has a classic stack-based buffer overflow vulnerability. Processing specially-crafted Advanced Stream Redirector (ASX) media files triggered a memory corruption error. This flaw could be exploited to gain arbitrary code execution. The exploit for this vulnerability is a vanilla EIP overwrite and has been first documented at EDB: 11957

Here is a complete rewrite of this exploit (I'm practicing exploit development and as such used EDB11957 as an example):